Re: swamp rat bots Q

To: debian-user@lists.debian.org
Subject: Re: swamp rat bots Q
From: john doe <johndoe65534@mail.com>
Date: Fri, 4 Dec 2020 08:11:45 +0100
Message-id: <[🔎] 19a119fb-bb28-2d48-09d4-b6bbd0b66eae@mail.com>
In-reply-to: <[🔎] 202012040140.53109.gheskett@shentel.net>
References: <[🔎] 202012030735.27875.gheskett@shentel.net> <[🔎] 202012040003.57042.gheskett@shentel.net> <[🔎] 20201204060334.GB7548@bitfolk.com> <[🔎] 202012040140.53109.gheskett@shentel.net>

On 12/4/2020 7:40 AM, Gene Heskett wrote:

On Friday 04 December 2020 01:03:34 Andy Smith wrote:

Hello,

On Fri, Dec 04, 2020 at 12:03:57AM -0500, Gene Heskett wrote:

what file do I edit to add todays
/var/log/httpd/other_vhosts_access.log to its list of logs to
watch.  That's the log file with the real data in it today.  And
does it need enabled in another, different file.


Again we have been down this avenue before, but I will try one last
time.

It seems quite likely that the bot you have a problem with has the
same user agent string, or a very small variation on the same
string. If so then you can block it just with Apache.

So, can you show us a few lines of logs from your
/var/log/httpd/other_vhosts_access.log of the accesses from the
offending bot(s)?

No.  Bad idea.

By publishing the name of the bot, it probably will be changed before the
day is done. Far better IMO to tell me what files I need to edit, and


We did that to no avail.

I drop the ball on this one.

--
John Doe

Reply to:

References:
- swamp rat bots Q
  - From: Gene Heskett <gheskett@shentel.net>
- Re: swamp rat bots Q
  - From: Gene Heskett <gheskett@shentel.net>
- Re: swamp rat bots Q
  - From: Andy Smith <andy@strugglers.net>
- Re: swamp rat bots Q
  - From: Gene Heskett <gheskett@shentel.net>

Prev by Date: Re: swamp rat bots Q
Next by Date: Re: swamp rat bots Q
Previous by thread: Re: swamp rat bots Q
Next by thread: Re: swamp rat bots Q
Index(es):
- Date
- Thread